Commit graph

17 commits

Author SHA1 Message Date
Aaron Suggs
76c2e31430 Normalize request paths when using Rails' ActionDispatch
The issue
---

When using rack-attack with a rails app, developers expect the request
path to be normalized. In particular, trailing slashes are stripped so
a request path "/login/" becomes "/login" by the time you're in
ActionController.

Since Rack::Attack runs before ActionDispatch, the request path is not
yet normalized. This can cause throttles and blacklists to not work as
expected.

E.g., a throttle:

    throttle('logins', ...) {|req| req.path == "/login" }

would not match a request to '/login/', though Rails would route
'/login/' to the same '/login' action.

The solution
---

This patch checks whether ActionDispatch's request normalization is loaded,
and if so, uses it to normalize the path before processing throttles,
blacklists, etc.

If it's not loaded, the request path is not modified.

Credit
---
Thanks to Andres Riancho at Include Security for reporting this issue.
2015-12-18 11:12:11 -05:00
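Added example, not part of the original commit and not rack-attack's or Rails' own code, illustrating the bypass the commit message describes: a toy per-IP login throttle with an exact-path rule is run against trailing-slash and double-slash variants of "/login", once on the raw path and once after a normalization step. The `normalize_path` helper is an approximation of the behaviour the message attributes to ActionDispatch (collapse duplicate slashes, strip trailing slashes); `LoginThrottle`, `blocked_attempts` and the 203.0.113.7 client address are constructed for illustration.

```ruby
# Added example, not rack-attack's or Rails' own code. A toy per-IP login
# throttle that shows why an unnormalized request path lets "/login/" and
# "//login" slip past a rule written as `req.path == "/login"`.

# Approximation of the normalization the commit message attributes to
# ActionDispatch (collapse duplicate slashes, strip trailing slashes).
# Assumption for illustration only; the real Rails routine does more
# (for example it also upcases percent-escapes).
def normalize_path(path)
  p = "/#{path}".squeeze("/")
  p = p.sub(%r{/+\z}, "")
  p.empty? ? "/" : p
end

# Hypothetical throttle modelled on the commit message's example: it only
# counts requests whose path is exactly "/login", keyed by client IP.
class LoginThrottle
  def initialize(limit:, normalize:)
    @limit = limit
    @normalize = normalize
    @counts = Hash.new(0)
  end

  # Returns true if the request is allowed through, false if throttled.
  def allow?(env)
    path = env["PATH_INFO"]
    path = normalize_path(path) if @normalize
    return true unless path == "/login" # rule does not apply to this path
    ip = env["REMOTE_ADDR"]
    @counts[ip] += 1
    @counts[ip] <= @limit
  end
end

# Sends `attempts` requests for `path` from one constructed client address
# and returns how many of them the throttle blocked.
def blocked_attempts(path, attempts:, normalize:, limit: 5)
  throttle = LoginThrottle.new(limit: limit, normalize: normalize)
  env = { "PATH_INFO" => path, "REMOTE_ADDR" => "203.0.113.7" } # constructed Rack env
  Array.new(attempts) { throttle.allow?(env) }.count(false)
end

if __FILE__ == $PROGRAM_NAME
  ["/login", "/login/", "//login", "/login//"].each do |path|
    before = blocked_attempts(path, attempts: 8, normalize: false)
    after  = blocked_attempts(path, attempts: 8, normalize: true)
    puts format("%-10s unnormalized blocked=%d  normalized blocked=%d", path, before, after)
  end
end
```

With eight attempts and a limit of five, the unnormalized throttle blocks nothing for "/login/", "//login" or "/login//", because the exact-match block never fires and the attempts are never counted; after normalization all four spellings collapse to "/login" and the sixth attempt onward is blocked. The same reasoning applies to any path-keyed blocklist rule: whatever rewriting the router performs after the middleware has run must be applied to the path the middleware compares against, or the rule only covers the canonical spelling.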
Aaron Suggs
2b14a1528b Remove support for ruby 1.9 2015-11-06 10:32:14 -05:00
hakanensari
0640a53cdf Use Appraisal to test against multiple versions 2014-04-09 13:11:43 +01:00
hakanensari
128c5aa9bf Support a Dalli Connection Pool 2014-04-01 12:10:32 +01:00
Aaron Suggs
f8b516fb11 Remove debugger as development dependency 2013-12-27 22:28:13 -05:00
Aaron Suggs
5a37bb102f Add license to gemspec
Fixes issue #26
2013-07-17 10:37:26 -04:00
Zach Millman
1c501e81a6 Reduce Ruby version dependency to 1.9.2
Also added 1.9.2 to Travis config file
2013-07-12 15:02:52 -07:00
Vipul A M
384892ce4c Make debugger dependency only for ruby platforms 2013-05-06 20:58:01 +05:30
Vipul A M
4fcbe790ed Remove debugger dependency, as it isn't used 2013-05-06 11:53:58 +05:30
Vipul A M
9c0cbad1e7 bump debugger version for 2.0 support 2013-05-03 12:33:38 +05:30
Aaron Suggs
cf508e1d18 Support RedisStore as cache store
Add tests for different cache stores
2013-02-25 12:09:59 -05:00
Aaron Suggs
f82750c1c2 Move license to readme
…so it doesn't mess with autocomplete.
2012-07-30 15:46:47 -04:00
Aaron Suggs
359ebe9068 Change description 2012-07-29 10:52:00 -04:00
Aaron Suggs
c22c33f9ec add rake 2012-07-27 09:56:15 -04:00
Aaron Suggs
9284a08cc3 Whitelists support 2012-07-26 17:29:09 -04:00
Aaron Suggs
885b19c633 added license and readme 2012-07-25 10:25:14 -04:00
Aaron Suggs
140ea86b7c Initial commit 2012-07-24 19:40:55 -04:00